This document discusses the evolution of distributed denial of service (DDoS) attacks and how they are increasingly being offered as a service. It outlines how early DDoS attacks targeted the application layer but now exploit infrastructure as a service (IaaS) and DNS amplification. The document predicts that software as a service (SaaS) will be exploited for DDoS attacks and provides examples of how legitimate load testing services can be abused to launch hard to trace attacks against victims. It concludes by noting analytics services and other online tools that could enable DDoS attacks if used without conscience.

1. WEB UNDER PRESURE
DDoS as a Service
Denis Makrushin (@difezza)
Kaspersky Lab
http://defec.ru/

2. It was like that
2

3. Nowadays : application layer
3

4. Piece of the WEB-bot
4

5. Nowadays: IaaS
5

6. Nowadays: DNS Amplification
Disadvantages:
• Short life cycle of infected machines
• Support clouds with a lot of instances
• Trivial generators of traffic
6

7. Burst in tomorrow: SaaS
7

8. DoS, DDoS, stress…
8

9. Load testing as a Service
• Legitimate traffic
• The load is not limited by owners of service
• Cheap load
• Many services do not verify actions
• User-owned scenarios
• Analysis of a victim for a “heavy" content
9

10. Proof of Concept: Loadimpact.com
10

11. Analytics
11

12. Without registration and SMS:
loaddy.ru
12

13. SaaS Amplification
13

14. SaaS 4 DDoS
•
•
•
•
Traffic exchange
Whois-services
Monitoring services
All that "disturbs" the victim
14

15. If you have conscience
15

16. Thanks!
Any questions?
condifesa@gmail.com
twitter.com/difezza
http://defec.ru/